My Life Flashing Very Slowly Before My Eyes

Hackers

While remediating an appliance distributor's (who shall remain nameless) websites from the SoakSoak exploit, the site owner complained about malware "coming back" after being cleaned over and over by the former service provider. I logged into their InMotion Hosting control panel where I was greeted with a warning that there was a potential man-in-the-middle attack due to an expired certificate! Then I got another warning that their version of MySQL was obsolete and needed to be upgraded. Digging deeper, I found a variety of user accounts in both the application and the database that had the signature of a hacker - not totally random, but cryptic and/or occasionally named to sound official, like "system account" and such. I'm not sure how InMotion Hosting's certificates were invalid, but once I saw warnings about the host themselves and the back-door, system-wide user accounts I figured it was time to get the hell out of there.

In mid-October Drupal announced a serious defect in the Database Abstraction Layer allowing guest users to gain full access to a site and server. The security notice can be found in the FAQ on SA-CORE-2014-005 on the Drupal website.

This exploit creates the ability for attackers to place their own PHP files on your server for remote execution, or to inject their own code into pre-existing files.

Ways to detect a breached system - and steps to remediate:

Look for files with a datestamp in October 2014

If you didn't upload any new versions or modules in October 2014, there should be no PHP or include files with these datestamps. Use the Linux find command to list files last edited on or after October 1st, 2014, and then check those files.

Locate files with PCT4BA6ODSE_ in them
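
The two checks above as a small triage script. This is an added example, not part of the original post; the function names, the file-extension list and the default cutoff argument are assumptions, and it needs a find that supports -newermt and a grep that supports -r (GNU and BSD both do).

```sh
#!/bin/sh
# Added example (not from the original post): triage a Drupal docroot for the
# two indicators described above. Function names, the extension list and the
# default arguments are assumptions made for this example.

# Code files modified after 00:00 (local time) on the cutoff date.
recent_code_files() (
    root=$1; since=${2:-2014-10-01}
    find "$root" -type f \
        \( -name '*.php' -o -name '*.inc' -o -name '*.module' \
           -o -name '*.install' \) \
        -newermt "$since" -print | sort
)

# Files of any type or age containing the marker as a literal string.
# Deliberately not limited by date, because modification times can be reset.
files_with_marker() (
    root=$1; marker=${2:-PCT4BA6ODSE_}
    grep -rlF -- "$marker" "$root" | sort
)

# Print both lists; exit status 1 means at least one indicator was found.
triage() (
    recent=$(recent_code_files "$1" "${2:-}")
    marked=$(files_with_marker "$1")
    if [ -n "$recent" ]; then
        printf 'Code files modified since cutoff (review each):\n%s\n' "$recent"
    fi
    if [ -n "$marked" ]; then
        printf 'Files containing the marker string:\n%s\n' "$marked"
    fi
    [ -z "$recent$marked" ]
)

# Usage: sh triage.sh /path/to/docroot [YYYY-MM-DD]
if [ "$#" -gt 0 ]; then
    triage "$@"
fi
```

Keep the script outside the docroot being scanned, since it contains the marker string itself and would otherwise show up in its own results.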

CodeSpaces, a popular service for housing and archiving developers' source code, was attacked last night and put PERMANENTLY OUT OF BUSINESS by a Distributed Denial of Service (DDOS) attack!!! Their web page today reads as follows:

We are experiencing massive demand on our support capacity, we are going to get to everyone it will just take time.

Code Spaces : Is Down!

Dear Customers,

On Tuesday the 17th of June 2014 we received a well orchestrated DDOS against our servers, this happens quite often and we normally overcome them in a way that is transparent to the Code Spaces community. On this occasion however the DDOS was just the start.

Ubuntu Forums is down for maintenance

There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated with progress reports.

What we know

Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.
The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.
Progress report